From 07705371d024073fb4347ed1548d5554da7df8ac Mon Sep 17 00:00:00 2001
From: Tomas <tomasysh@gmail.com>
Date: 星期二, 01 八月 2023 12:39:14 +0800
Subject: [PATCH] Merge branch '2023_CR2' of https://dev.pollex.com.tw:8443/r/pcalife/PAM into 2023_CR2
---
pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java | 47 ++++++++++++++++++++++++++++++++++++++---------
1 files changed, 38 insertions(+), 9 deletions(-)
diff --git a/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java b/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
index 06a1eab..8c9dd25 100644
--- a/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
+++ b/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
@@ -1,11 +1,13 @@
package com.pollex.pam.web.rest;
-import com.pollex.pam.business.aop.logging.audit.AuditLoggingInject;
-import com.pollex.pam.business.service.ConsultantService;
-import com.pollex.pam.security.jwt.JWTFilter;
-import com.pollex.pam.security.jwt.TokenProvider;
-import com.pollex.pam.business.security.token.EServiceAuthenticationToken;
-import com.pollex.pam.business.web.vm.EServiceLoginVM;
+import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.CONSULTANT_LOGIN;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
@@ -13,16 +15,27 @@
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
-import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.CONSULTANT_LOGIN;
+import com.pollex.pam.business.aop.logging.audit.AuditLoggingInject;
+import com.pollex.pam.business.security.token.EServiceAuthenticationToken;
+import com.pollex.pam.business.service.ConsultantService;
+import com.pollex.pam.business.web.errors.OtpLoginFailException;
+import com.pollex.pam.business.web.vm.EServiceLoginVM;
+import com.pollex.pam.security.jwt.JWTFilter;
+import com.pollex.pam.security.jwt.TokenProvider;
@RestController
@RequestMapping("/api/eService")
public class EServiceResource {
+
+ private final static Logger log = LoggerFactory.getLogger(EServiceResource.class);
+
@Autowired
AuthenticationManagerBuilder authenticationManagerBuilder;
@@ -34,8 +47,24 @@
ConsultantService consultantService;
@AuditLoggingInject(type = CONSULTANT_LOGIN)
- @PostMapping("/authenticate")
- public ResponseEntity<UserJWTController.JWTToken> authorize(@RequestBody EServiceLoginVM eServiceLoginVM) {
+ @PostMapping("/authenticate/{imgCode}")
+ public ResponseEntity<UserJWTController.JWTToken> authorize(
+ @RequestBody EServiceLoginVM eServiceLoginVM
+ , HttpServletResponse response, HttpServletRequest request,
+ @PathVariable String imgCode){
+ HttpSession session = request.getSession();
+ String sessionImpCode = (String) session.getAttribute("img_code");
+
+ if (!StringUtils.hasText(sessionImpCode)
+ || !StringUtils.hasText(imgCode)) {
+ throw new OtpLoginFailException("撽�Ⅳ頛詨�隤�");
+ }
+
+ if(!imgCode.equals(sessionImpCode)) {
+ throw new OtpLoginFailException("撽�Ⅳ頛詨�隤�");
+ }
+ session.setAttribute("img_code", null);
+
EServiceAuthenticationToken authenticationToken = new EServiceAuthenticationToken(
eServiceLoginVM.getUsername(),
eServiceLoginVM.getPassword()
--
Gitblit v1.8.0